You are here

Privacy And Personal Data Protection

Application of the principles


Privacy And Personal Data Protection

Everyone has the right to privacy online, including the right to the protection of personal data concerning him or her. Everyone has the right to communicate anonymously on the Internet, and to use appropriate technology to ensure secure, private and anonymous communication.

The right to privacy on the Internet should not be subject to any restrictions, except those that are provided by law, pursue a legitimate aim as expressly listed under international human rights law, (as specified in Article 3 of this Declaration) and are necessary and proportionate in pursuance of a legitimate aim.

Personal data or information shall only be collected and/or processed by states and non-state actors such as access providers, mail providers, hosts and other intermediaries, in compliance with well-established data protection principles, including the following: personal data or information must be processed fairly and lawfully; personal data or information must be obtained only for one or more specified and lawful purposes; personal data or information must not be excessive in relation to the purpose or purposes for which they are processed; and personal data or information must be deleted when no longer necessary for the purposes for which it is collected.

The collection, retention, use and disclosure of personal data or information must comply with a transparent privacy policy which allows people to find out what data or information is collected about them, to correct inaccurate information, and to protect such data or information from disclosure that they have not authorised. The public should be warned about the potential for misuse of data that they supply online. Government bodies and non-state actors collecting, retaining, processing or disclosing data have a responsibility to notify the concerned party when the personal data or information collected about them has been abused, lost or stolen.

Mass or indiscriminate surveillance of individuals or the monitoring of their communications, constitutes a disproportionate interference, and thus a violation, of the right to privacy, freedom of expression and other human rights. Mass surveillance shall be prohibited by law.

The collection, interception and retention of communications data amounts to an interference with the right to privacy and freedom of expression whether or not the data is subsequently examined or used.
In order to meet the requirements of international human rights law,
targeted surveillance of online communications must be governed by clear and transparent laws which, at a minimum, comply with the following basic principles: first, communications surveillance must be both targeted and based on reasonable suspicion of commission or involvement in the commission of serious crime; second, communications surveillance must be judicially authorised and individuals placed under surveillance must be notified that their communications have been monitored as soon as practicable after the conclusion of the surveillance operation; third, the application of surveillance laws must be subject to strong parliamentary oversight to prevent abuse and ensure the accountability of intelligence services and law enforcement agencies.

It should also be recognised that for the enjoyment of their right to privacy, individuals must be protected from unlawful surveillance by other individuals, private entities or institutions, including in their place of work or study and in public internet access points.
 Go Back

You can also:
 See relevant resources related to this principle.
 Join the Conversation.


Share Share